Insecure SSL/TLS options being allowed

xeon
226 Transfer OK
Posts: 131
Joined: 2009-08-19 03:18

Insecure SSL/TLS options being allowed

#1 Post by xeon » 2013-10-08 03:16

Hello,

There are a few insecure server configurations that are still being allowed in FileZilla Client.

- 512-1024-bit certificates are still being accepted.
- 512-1024-bit DH parameters are still being accepted.
- Certificates with MD5-based signatures are still being accepted.

botg
Site Admin
Posts: 35535
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Insecure SSL/TLS options being allowed

#2 Post by botg » 2013-10-08 06:09

Do you have example hosts where such parameters are being negotiated?

xeon
226 Transfer OK
Posts: 131
Joined: 2009-08-19 03:18

Re: Insecure SSL/TLS options being allowed

#3 Post by xeon » 2013-10-09 00:22

botg wrote: Do you have example hosts where such parameters are being negotiated?
I don't know of any hosts that have them. I was just testing locally if FileZilla Client would negotiate with a server using such insecure methods, and it does.
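
For auditing a local test server against the three weaknesses listed in the first post, the following is an added example that is not part of the thread or of FileZilla's code. It scans text captured from `openssl s_client` and `openssl x509 -text`; the function name and the sample text are constructed for illustration, and the 1024-bit limit is the one stated in the thread.

```python
import re

# Limit taken from the thread: sizes of 1024 bits or fewer are insecure.
WEAK_BITS = 1024
# Only RSA keys are size-checked here; a 256-bit EC key is not weak.
SIZED_KEY_TYPES = {"rsaEncryption"}

# Line formats printed by `openssl x509 -text` and `openssl s_client`.
KEY_RE = re.compile(
    r"Public Key Algorithm: (\S+)\s+(?:RSA )?Public-Key: \((\d+) bit\)")
DH_RE = re.compile(r"Server Temp Key: DH, (\d+) bits")
SIG_RE = re.compile(r"Signature Algorithm: (\S+)")


def audit(text):
    """Return sorted findings for one captured OpenSSL text output."""
    findings = set()  # x509 -text prints the signature algorithm twice
    for alg, bits in KEY_RE.findall(text):
        if alg in SIZED_KEY_TYPES and int(bits) <= WEAK_BITS:
            findings.add(f"weak {alg} key: {bits} bits")
    for bits in DH_RE.findall(text):
        if int(bits) <= WEAK_BITS:
            findings.add(f"weak DH parameters: {bits} bits")
    for alg in SIG_RE.findall(text):
        if alg.lower().startswith("md5"):
            findings.add(f"MD5-based signature: {alg}")
    return sorted(findings)


# Constructed sample: a server showing all three weaknesses.
WEAK_SAMPLE = """\
Server Temp Key: DH, 1024 bits
    Signature Algorithm: md5WithRSAEncryption
        Public Key Algorithm: rsaEncryption
            Public-Key: (1024 bit)
    Signature Algorithm: md5WithRSAEncryption
"""
# Constructed sample: ECDHE key exchange and an EC certificate, no findings.
OK_SAMPLE = """\
Server Temp Key: ECDH, P-256, 256 bits
    Signature Algorithm: ecdsa-with-SHA256
        Public Key Algorithm: id-ecPublicKey
            Public-Key: (256 bit)
"""

if __name__ == "__main__":
    for name, sample in (("weak", WEAK_SAMPLE), ("ok", OK_SAMPLE)):
        print(name, audit(sample) or "no findings")
```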

botg
Site Admin
Posts: 35535
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Insecure SSL/TLS options being allowed

#4 Post by botg » 2013-10-10 20:05

To clarify, are you using one of the FileZilla binaries as available from https://filezilla-project.org/ or a package from elsewhere?

xeon
226 Transfer OK
Posts: 131
Joined: 2009-08-19 03:18

Re: Insecure SSL/TLS options being allowed

#5 Post by xeon » 2013-10-10 21:38

I'm using FileZilla_3.7.3_win32-setup.exe from your site.
